
HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy

Consumer Protection Enforcement is #trending: How to Avoid FTC and State Investigations, and What to do When You Get the Knock on the Door

On June 7, 2017, join us for a discussion of hot topics in Federal Trade Commission (FTC) and state consumer protection enforcement. Partners Bret Cohen, Meghan Rissmiller, and Steven Steinborn will cover recent developments and enforcement trends in data privacy and security, advertising, endorsements, and claim substantiation in practice before the FTC and state authorities.

Posted in International/EU Privacy

SFC Proposes Baseline Cyber Security Requirements for Internet Trading

The Hong Kong Securities and Futures Commission (“SFC”) has issued a paper containing proposals to introduce cyber security guidelines under the Securities and Futures Ordinance (the “SFO”) applicable to internet brokers (the “Cyber Security Consultation Paper”). Comments are open through 7 July 2017.

Posted in Consumer Privacy, Cybersecurity & Data Breaches, News & Events

Combatting the Massive Wave of WannaCry Ransomware

Major companies, health care organizations and government agencies are facing a wave of cyberattacks involving ransomware that takes control of computers and denies access until a ransom is paid. These attacks are occurring on a global scale and in some cases are having a significant impact on business and healthcare operations. The cyberattack has disrupted targets throughout the world from Britain’s National Health Service to US Fortune 500 companies, the Russian Foreign Ministry, and universities in China.

Posted in News & Events

Upcoming Webinar on Cybersecurity & the Internet of Things

“Connected” products—not just traditional IT products—are increasingly subject to cyber attacks globally. The question companies are (and should be) asking is no longer whether there will be an attack involving Internet of Things (IoT) devices and infrastructure, but when. Join us on May 24 for the third installment of our 2017 IoT webinar series and get practical guidance from our international team of cybersecurity lawyers, who will present key elements of Hogan Lovells’ well-received client workshop on this rapidly evolving topic.

Posted in International/EU Privacy

UK Parliament Passes New Digital Economy Act

The Digital Economy Bill passed into UK law last Thursday 27 April 2017 amidst the flurry of activity known as the “wash up” period before the dissolution of Parliament and ahead of the early general election in the UK to be held on 8 June. The Digital Economy Act introduces measures to “modernise the UK for enterprise,” and includes plans for public sector data sharing, direct marketing and age verification for online pornography, amongst other measures. An overview of these measures is set forth in this post.

Posted in Consumer Privacy

German Parliament Passes New Federal Data Protection Act

On 27 April 2017 the German Parliament passed an entirely new Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The new BDSG replaces the old BDSG, which has been in force for the last 40 years. The new BDSG is intended to adapt German law to the provisions of the EU General Data Protection Regulation (GDPR). The new BDSG will now form the basis for the adaptation of German acts to the GDPR. Further acts concerning special processing situations like social security data protection are likely to follow.

Posted in Health Privacy/HIPAA

New York Regulators Lead the Charge to Fill Health Data Protection Gaps Left by Federal Law

New York AG Settles Data Protection Enforcement Against Mobile Health Apps

After a year-long investigation into mobile health apps claiming to be able to measure vital signs or health indicators through smartphone sensors, the New York Attorney General (NY AG) settled claims against three developers alleged to have engaged in “misleading” marketing claims and “irresponsible” privacy practices. Mobile health apps Cardiio and Runtastic claimed that their apps effectively and accurately measured heart rate after vigorous exercise using only a smartphone camera and sensors. The third, Matis, claimed that its app transformed a smartphone into a fetal heart monitor.

Concerned that unregulated apps claiming to measure key vital signs and other health indicators may harm consumers if the apps provide inaccurate or misleading results, NY AG Eric Schneiderman brought enforcement actions against the trio of developers.


Posted in International/EU Privacy

Article 29 Working Party Issues Guidance on Data Protection Impact Assessments

The steady trickle of GDPR guidance from the Article 29 Working Party continues. Fresh from finalising its guidance on data portability, lead supervisory authorities and data protection officers, the Working Party has published draft guidance on data protection impact assessments (DPIA), the full text of which is available on the Working Party website. Comments can be submitted to the Working Party by 23 May 2017, after which the guidance will be finalised.

Posted in International/EU Privacy

State of the Cyber Nation: UK Government Report on Cybersecurity Breaches

On 19 April 2017, the UK Government’s Department for Culture, Media and Sport (DCMS) published a report on cybersecurity breaches and how they affected UK companies in the last year.

Posted in International/EU Privacy

An Opportunity to Shape Compliance with GDPR

A close observer of the GDPR will have noticed that, in several places, individual EU Member States can implement derogations from the GDPR requirements. Of course, as a regulation under EU law there is less scope for local flexibility under the GDPR than under the current EU Data Protection Directive 95/46. Yet the GDPR does, in a number of key areas, allow an EU Member State to set down local laws that could allow a more locally relevant flavour to a particular aspect of compliance.